Vulnerabilities > Unrestricted Upload of File with Dangerous Type
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-07 | CVE-2018-10795 | Unrestricted Upload of File with Dangerous Type vulnerability in Liferay Portal: Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. | 8.8 |
2018-05-02 | CVE-2018-0258 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products: A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. | 9.8 |
2018-05-02 | CVE-2018-10577 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products: An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 8.8 |
2018-05-01 | CVE-2016-10036 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfrog Artifactory: Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | 9.8 |
2018-04-27 | CVE-2018-10521 | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple: In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory. | 2.7 |
2018-04-27 | CVE-2018-10469 | Unrestricted Upload of File with Dangerous Type vulnerability in B3Log Symphony 2.6.0: b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI. | 9.8 |
2018-04-25 | CVE-2018-10375 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7: A file uploading vulnerability exists in /include/helpers/upload.helper.php in DedeCMS V5.7 SP2, which can be utilized by attackers to upload and execute arbitrary PHP code via the /dede/archives_do.php?dopost=uploadLitpic litpic parameter when "Content-Type: image/jpeg" is sent, but the filename ends in .php and contains PHP code. | 9.8 |
2018-04-20 | CVE-2018-10173 | Unrestricted Upload of File with Dangerous Type vulnerability in Digitalguardian Management Console 7.1.2.0015: Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. | 8.8 |
2018-04-16 | CVE-2018-9153 | Unrestricted Upload of File with Dangerous Type vulnerability in Zblogcn Z-Blogphp 1.5.1: The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. | 7.2 |
2018-04-11 | CVE-2016-10258 | Unrestricted Upload of File with Dangerous Type vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg: Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. | 6.8 |